Re: [fw-wiz] syslog and network management



On Mon, 3 Mar 2008, Darden, Patrick S. wrote:

> UDP is a LOT faster than TCP. No ECC so it uses less cpu, less memory,
> and has less of a memory footprint. If you were dropping a lot of UDP,
> then TCP would not help at all--you would receive less, just more
> reliably.

First, Cisco routers drop UDP on overload before they drop TCP, so if your
log server isn't on the same subnet, that may mean TCP is a better choice
if you're getting flooded.

Second, it depends on your buffers with TCP, but at least you'd know on
the receiving end that you're dropping packets. With buffer tuning, you
may be able to withstand flooding the log server and catching up again.

Third, I'm pretty sure the RFCs say that UDP must default to checksumming
packets.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


